STORK PRESENTATION. STORK Overview STePS workshop, 17 June Herbert Leitold. Stork is an EU co funded project INFSO ICT PSP

Transcription

1 STORK PRESENTATION STORK Overview STePS workshop, 17 June 2009 Herbert Leitold Stork is an EU co funded project INFSO ICT PSP

2 Contents Overview Members and Work Packages Interoperability Models User Experience Functional Flows Pilots Basic Process Flows

3 STORK Member State involvement Member States/EEA STORK Member States Ref Group

4 Project s structure TIME Project Management (ATOS) eid inventory, trust & application groups (NL MOI) eid and upcoming technologies (AT TUG) eid process flows (UK IPS) Common specifications and Stork's eid models (FEDICT BE; MAP ES) National integration of Stork models and Common specifications (FEDICT BE, MAP ES) Pilots Coordination with other LSPs (AT MoH for epsos) Communication and Sustainability (Gov2U) DEFINITION AND ANALYSIS DESIGN OF INTEROPERABLE FLOWS & ARCHITECTURES CONSTRUCTION AND IMPLEMENTATION TESTING & EVALUATION

5 STORK Roadmap the way ahead Framework mapping Legal interoperability priority technologies Quality authenticator scheme eid PROCESS FLOWS Functional Design Technical Design Construction & Implementation Exploitation Evaluation Assessment on common specifications on eid Cross border authentication platform

6 STORK Two Interoperability Models STORK will investigate and pilot two interoperability models: 1. Middleware (MW) 2. Pan European Proxy Services (PEPS)... and combine them (MW MW, PEPS PEPS, MW PEPS, PEPS MW) Each model has specific legal, operational, or techniccal PEPS requirements and consequenses; e.g. on infrastructure, data protection, security, liability,...

7 STORK High Level Architectural Approach 1 Easy integration at the Service Provider with smart cards as means of eid Middleware PEPS

8 STORK Example of Middleware Architectures Application MOA ID (Server Middleware) Service Provider Domain Application eid Server (Server Middleware) Internet Internet Bürgerkartenumg. (Client Middleware) Client Domain Bürgerclient (Client Middleware)

9 STORK Communalities: Middleware Concept Application Application Internet MOA ID (Server Middleware) Bürgerkartenumg. (Client Middleware) MIDDLEWARE, SPWare Internet eid Server (Server Middleware) Bürgerclient (Client Middleware)

10 STORK Making Governments to co-operate

11 STORK PEPS Interoperability Model PEPS example: Swedish student at UK university Central national PEPSs SE PEPS UK PEPS IP IP UK Service

12 STORK combined model MW PEPS example: Austrian student at Swedish university, Virtual IDP concept SE PEPS IP vip MOA ID SE Service

13 STORK Two Interoperability Models STORK will run five pilots 1. Cross border authentication platform for electronic services 2. SaferChat 3. Student Mobility 4. Electronic Delivery 5. Change of Address PEPS

14 STORK WP5 High-Level Business Processes Use cases 1. Authentication in an online access to a service provider 2. Attribute Transfer STORK defines eid as the identifier (e.g. national citizen ID), the rest (name, date of birth, qualification...) are attributes 3. Attribute Verification is a certain attribute presented by the citizen correct? 4. Certificate Verification for electronic signatures PEPS

15 STORK Process Flow PEPS-PEPS Authentication MS A Identity Provider MS A PEPS MS B PEPS Service Provider MS B MS A Resident PEPS MS specific elements remain MS specific elements remain

16 STORK Process Flow PEPS-PEPS MS-specific PEPS

17 STORK Process Flow MW-PEPS Authentication Authentication Process Flow: WP4.1 Diagram C MS A Resident, Middleware from MS A, Service Provider and PEPS in MS B MS A resident Select to login/ register to Service Provider in MS B Select MS from the provided list. User choice Provide token for seleted eid MS A Specific MS A specific interaction with the user for validating eid. Show list of attributes Select attributes, enter PIN no Inform user I&A failed. END no User interacts with service Service Provider MS B Request eid with trust level >=x, gather needed attributes yes MS specific elements remain Proceed with Service Virtual IDP MS B PEPS Which MS issued your eid for authentication? Delegate to VIDP including the trust level, SP_ID, attributes Delegate to SPware if the trust level >= x no no Validation PEPS yes Convert assertion to internal MS B standard MS B Specific MS A SPware yes Token access initialization MS A Specific MS A specific interaction with the token Validation of Provided eid yes Create assertion with the authentication statement MS specific elements remain Service selection phase Identification phase Assertion validation and login phase

18 STORK Process Flow PEPS Attribute Transfer PEPS

19 STORK Process Flow MW-PEPS Attribute Transf. Authentication Process Flow: WP4.1 Diagram C MS A Resident, Middleware from MS A, Service Provider and PEPS in MS B No Service Provider MS A SPware Virtual IDP MS B PEPS MS A resident MS B Resident Interacting with SP in a Authenticated session Service requires attributes. Displays list of the required attributes and terms and conditions User selects to continue Attribute request, delegate to VIDP, include eid. Delegate to SPware yes no Provide token for seleted eid MS A Specific Token access initialization MS A Specific MS A specific interaction with the user for validating eid. Show list of attributes yes MS A specific interaction with the token no Select attributes, enter PIN Validation of Provided eid yes no Inform user I&A failed. END no Create assertion with the authentication statement Validation PEPS yes User interacts with service Proceed with Service Convert assertion to internal MS B standard MS B Specific Service selection phase Identification phase Assertion validation and login phase

20 STORK Process Flow Signature Validation PEPS

21 STORK eid interoperability THANK YOU FOR YOUR ATTENTION stork.eu